Ubuntu 12.04 – Install Postfix, Dovecot and Vimbadmin

This tutorial shows you how to install Postfix (2.9.6) with Dovecot (2.0.19), the manage tool Vimbadmin (2.2.2) and SpamAssassin (3.3.2) on Ubuntu Server 12.04 (I got feedback that this tutorial still works for Ubuntu Server 14.04).

Add the following below the smtpd lines. This allows the use of SASL (Simple Authentication And Security Layer), so email clients like thunderbird are allowed to send mail with this mail server if the credentials are correct.

When Postfix receive an e-mail it will send it to another software: “Dovecot”. Dovecot will then manage the IMAP and POP3 services for the users. Tell Postfix to do this by adding the following line at the end of the file /etc/postfix/master.cf.

Dovecot

Dovecot can do several things for use. Get emails from Postfix and save them to disk, watch quotas (how much space a user may use on the servers disk), execute user-based “sieve” filter rules (can be used to put away emails to different folders), allow users to fetch emails using POP3 or IMAP. Create a user and a group just for storing emails (choose a free uid/gid):

The “allow_all_users=yes” setting means that it is not necessary for Dovecot to check if a certain user exists. We can do that because Postfix has already ensured (in the virtual_mailbox_maps query) that the users existed before their email was handed over to Dovecot’s “deliver” agent.

Set authentication service:

nano /etc/dovecot/conf.d/10-master.conf

service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener auth-userdb {
mode = 0600
user = vmail
group = vmail
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
}

The log file can become quite large, so let the system rotate the log file.

nano /etc/logrotate.d/dovecot-deliver

/var/vmail/dovecot-deliver.log {
weekly
rotate 14
compress
}

Set the correct SQL settings:

cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf

nano /etc/dovecot/dovecot-sql.conf

Paste:

# This file is opened as root, so it should be owned by root and mode 0600.
#
# http://wiki2.dovecot.org/AuthDatabase/SQL
#
# For the sql passdb module, you'll need a database with a table that
# contains fields for at least the username and password. If you want to
# use the user@domain syntax, you might want to have a separate domain
# field as well.
#
# If your users all have the same uig/gid, and have predictable home
# directories, you can use the static userdb module to generate the home
# dir based on the username and domain. In this case, you won't need fields
# for home, uid, or gid in the database.
#
# If you prefer to use the sql userdb module, you'll want to add fields
# for home, uid, and gid. Here is an example table:
#
# CREATE TABLE users (
# username VARCHAR(128) NOT NULL,
# domain VARCHAR(128) NOT NULL,
# password VARCHAR(64) NOT NULL,
# home VARCHAR(255) NOT NULL,
# uid INTEGER NOT NULL,
# gid INTEGER NOT NULL,
# active CHAR(1) DEFAULT 'Y' NOT NULL
# );

# passdb query to retrieve the password. It can return fields:
# password - The user's password. This field must be returned.
# user - user@domain from the database. Needed with case-insensitive lookups.
# username and domain - An alternative way to represent the "user" field.
#
# The "user" field is often necessary with case-insensitive lookups to avoid
# e.g. "name" and "nAme" logins creating two different mail directories. If
# your user and domain names are in separate fields, you can return "username"
# and "domain" fields instead of "user".
#
# The query can also return other fields which have a special meaning, see
# http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
#
# Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
# for full list):
# %u = entire user@domain
# %n = user part of user@domain
# %d = domain part of user@domain
#
# Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters.
#
# Example:
# password_query = SELECT userid AS user, pw AS password \
# FROM users WHERE userid = '%u' AND active = 'Y'
#
#password_query = \
# SELECT username, domain, password \
# FROM mailbox WHERE username = '%u' AND domain = '%d'

# userdb query to retrieve the user information. It can return fields:
# uid - System UID (overrides mail_uid setting)
# gid - System GID (overrides mail_gid setting)
# home - Home directory
# mail - Mail location (overrides mail_location setting)
#
# None of these are strictly required. If you use a single UID and GID, and
# home or mail directory fits to a template string, you could use userdb static
# instead. For a list of all fields that can be returned, see
# http://wiki2.dovecot.org/UserDatabase/ExtraFields
#
# Examples:
# user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
# user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
# user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
#
#user_query = \
# SELECT homedir AS home, uid, gid \
# FROM mailbox WHERE username = '%u' AND domain = '%d'

# If you wish to avoid two SQL lookups (passdb + userdb), you can use
# userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
# also have to return userdb fields in password_query prefixed with "userdb_"
# string. For example:
password_query = \
SELECT username AS user, password, \
homedir AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
FROM mailbox WHERE username = '%u'

# Query to get a list of all usernames.
iterate_query = SELECT username AS user FROM mailbox

Adjust the driver, connect and default_pass_scheme variable to your situation.

Testing / relay

Get a report on your domain from http://www.pingability.com/zoneinfo.jsp. This invaluable report will check a number of things. Whether your email server is an open relay; that it is listening on a public IP; that you have an MX DNS record; and more. DNSReport may warn about missing reverse DNS entries.

Trouble shooting

List made changes with:

doveconf -n

Postfix log:

tail -n100 /var/log/mail.log

SpamAssassin

It’s nice to install SpamAssassin as additional step to fight SPAM on your mail server! When Postfix receives an email it will go through the SpamAssassin filter that will add several X-SPAM headers before the email gets passed to Dovecot. An example of the headers in an email that is marked as spam by SpamAssassin:

This will train SpamAssassin every 6 hours. Notice the difference between the two by the —spam and —ham flag. It’s important to train not only spam, but also ham (mail that is valid and must NOT be considered spam). Otherwise the filter will become biased towards spam.

Configure your email client like Thunderbird to use the “Junk” folder as junk folder. This is the default for the Apple Mail client. So if you mark an email as junk or move it to the junk folder in your email client (if you use IMAP, so it will also be moved on the server), make sure it will stay there for at least 6 hours so the SpamAssassin can learn from it.

Or just send an email from your Gmail account for example. The subject must be "Test spam mail (GTUBE)" and the body:

This is the GTUBE, the
Generic
Test for
Unsolicited
Bulk
Email
If your spam filter supports it, the GTUBE provides a test by which you
can verify that the filter is installed correctly and is detecting incoming
spam. You can send yourself a test mail containing the following string of
characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You should send this test mail from an account outside of your network.

Great post,
After following the instructions, I send an email from the server where postfix is located (sendmail xxx@mydomain.com) and I go to /var/vmail/mydomain.com/xxx/Maildir/new/ and I could find the email, same when I sent an email from GMAIL, the problem I can not connect to the sMTP server or the iMAP server from my THUNDERBIR client, can you help me? witch parameters I must give to thunderbir, I try “mutt -f imap://mydomain.com” in server, but It say me login failed !

Trying to follow the instructions but ran into a problem with installing Vimbadmin as Ubuntu 12.04 does not support php 5.4 and substitutes php(-common for php5-json
How do the others manage and not me!
Any help installing would be much appreciated

Hi, my name is Pieter Vogelaar. I’m a web developer / DevOps engineer / IT consultant and specialized in high traffic and high profile websites. I love open source and have a great passion for automating and developing things!